You are here

Home » API reference » Drupal 4 » node.module

function node_access in Drupal 4

Same name and namespace in other branches
  1. 5 modules/node/node.module \node_access()
  2. 6 modules/node/node.module \node_access()
  3. 7 modules/node/node.module \node_access()

Determine whether the current user may perform the given operation on the specified node.

Parameters

$op: The operation to be performed on the node. Possible values are:

  • "view"
  • "update"
  • "delete"
  • "create"

$node: The node object (or node array) on which the operation is to be performed, or node type (e.g. 'forum') for "create" operation.

$uid: The user ID on which the operation is to be performed.

Return value

TRUE if the operation may be performed.

Related topics

Node access rights
The node access system determines who can do what to which nodes.
17 calls to node_access()
blogapi_blogger_edit_post in modules/blogapi.module
Blogging API callback. Modifies the specified blog node.
blogapi_blogger_new_post in modules/blogapi.module
Blogging API callback. Inserts a new blog post as a node.
blogap_mti_publish_post in modules/blogapi.module
Blogging API callback. Publishes the given node
comment_menu in modules/comment.module
Implementation of hook_menu().
node_add in modules/node.module
Present a node submission form or a set of links to such forms.

... See full list

1 string reference to 'node_access'
system_update_169 in database/updates.inc

File

modules/node.module, line 2374
The core that allows content to be submitted to the site.

Code

function node_access($op, $node = NULL, $uid = NULL) {

  // Convert the node to an object if necessary:
  if ($op != 'create') {
    $node = (object) $node;
  }

  // If the node is in a restricted format, disallow editing.
  if ($op == 'update' && !filter_access($node->format)) {
    return FALSE;
  }
  if (user_access('administer nodes')) {
    return TRUE;
  }
  if (!user_access('access content')) {
    return FALSE;
  }

  // Can't use node_invoke(), because the access hook takes the $op parameter
  // before the $node parameter.
  $access = module_invoke(node_get_base($node), 'access', $op, $node);
  if (!is_null($access)) {
    return $access;
  }

  // If the module did not override the access rights, use those set in the
  // node_access table.
  if ($op != 'create' && $node->nid && $node->status) {
    $grants = array();
    foreach (node_access_grants($op, $uid) as $realm => $gids) {
      foreach ($gids as $gid) {
        $grants[] = "(gid = {$gid} AND realm = '{$realm}')";
      }
    }
    $grants_sql = '';
    if (count($grants)) {
      $grants_sql = 'AND (' . implode(' OR ', $grants) . ')';
    }
    $sql = "SELECT COUNT(*) FROM {node_access} WHERE (nid = 0 OR nid = %d) {$grants_sql} AND grant_{$op} >= 1";
    $result = db_query($sql, $node->nid);
    return db_result($result);
  }
  return FALSE;
}